This Wednesday, October 23, Lancope’s Director of Security Research, Tom Cross, will conduct two sessions at the East Tennessee Cyber Security Summit in Knoxville. He will present a session on “combating insider threats” at 9:45 a.m. and a breakout session on “hunting attackers with network audit trails” at 11:00 a.m.
Combating Insider Threats – 9:45 a.m.
Participants in this first session will learn how to identify network activity associated with malicious insiders, and discuss best practices to protect their organizations from insider threats. Cross will review academic research regarding insider threats, discussing the frequency and impact of the attacks, who conducts them and their motives. He will then cover strategies for managing the problem from both a business and technical point of view.
Hunting Attackers with Network Audit Trails – 11:00 a.m.
Cross’ second session will review how network logging technologies such as NetFlow and IPFIX can be applied to the problem of detecting sophisticated, targeted attacks. These technologies can be used to create an audit trail of network activity that can be analyzed to quickly uncover anomalous behavior that could signify risk. Audit trails can also be leveraged for forensic investigations to help prevent future attacks.
The East Tennessee Cyber Security Summit is co-hosted by the FBI, University of Tennessee, Fountainhead College, TVA, TVA-OIG and Oak Ridge National Laboratory. It brings together IT professionals from across the region in academia, government, law and private industry to discuss a wide range of topics pertaining to online security. The full conference schedule can be found here.
For further details on combating advanced threats with NetFlow, go to: http://www.lancope.com/solutions/.
TAGS netflow, network security, lancope, anomaly detection, network visibility, advanced threats, forensics, insider threat, ipfix, audit trails